I am not sure this helps you, and it is not opensource or free, or even fits into your plan...but it does what you're asking for...

Check Point Secure Client can/does have a local firewall for the users, if configured, and it will block all traffic that isn't specifically for your IP/MAC within those rules. Checkpoint offers a version of ethereal that works with computers running Secure Client, specifically for network admins, security folks, etc.

Personally, I find it to be a big pain in my @ss so I simply disable the firewall and fire up Ethereal. But then again, I have my systems patched and up to date. But it's my @ss I'm risking there. And all it will take is one lucky zero-day vulnerability to ruin my day...